Maemo security

(Adding links to slides)
(What is "Open Mode" and can it be revoked remotely?)
Line 17: Line 17:
===What is "Open Mode" and can it be revoked remotely?===
===What is "Open Mode" and can it be revoked remotely?===
 +
 +
"Open" mode is when an unsigned kernel has been booted. Disabling it remotely would, presumably, require a change to the bootloader. See [http://www.slideshare.net/peterschneider/maemo-6-platform-security slide] #??? --[[User:jaffa|Jaffa]] 11:36, 13 October 2009 (UTC)
===How easy is it to switch between Open and Closed modes?===
===How easy is it to switch between Open and Closed modes?===

Revision as of 11:36, 13 October 2009

At the Maemo Summit 2009, Nokia shared a great deal of information about the security mechanisms that would be available and/or mandated in upcoming platforms.

The concepts outlined include well established favourites in the OSS world (like privilege management) as well as some that are rather less well regarded - such as relatives of the Trusted Computing Platform and DRM.

Inevitably there will be a significant amount of interest and concern about how this affects the open nature of the Maemo platform.

This page is intended to capture community questions (and, eventually I hope, Nokia's answers) about these issues.

Initially please add questions to the discussion page and once they've been refined and consolidated, we'll add them onto this page.

Some examples:

Contents

Is there a diagram showing the security framework and components?

What is "Open Mode" and can it be revoked remotely?

"Open" mode is when an unsigned kernel has been booted. Disabling it remotely would, presumably, require a change to the bootloader. See slide #??? --Jaffa 11:36, 13 October 2009 (UTC)

How easy is it to switch between Open and Closed modes?

How granular is the encryption?

Can open applications use the privilege mechanisms in the Open and Closed modes?

Can open applications use the DRM encryption mechanisms in the Open and Closed modes?

Will community extensions to the kernel (modules) be permitted in Open/Closed modes?

Is there any GPLv3 software impacted?